﻿<?php
    @session_start();
    ob_start();
    $rootdir = rtrim($_SERVER['DOCUMENT_ROOT'],"/");
    include_once("../logic/userLogic.php");
    include_once("../initial.php");
    $userlogin = new userLogic();

    if (isset($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]) )
    { 
     $ip = $HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]; 
    } 
    elseif (isset($HTTP_SERVER_VARS["HTTP_CLIENT_IP"]) )
    { 
     $ip = $HTTP_SERVER_VARS["HTTP_CLIENT_IP"]; 
    }
    elseif (isset($HTTP_SERVER_VARS["REMOTE_ADDR"]) )
    { 
     $ip = $HTTP_SERVER_VARS["REMOTE_ADDR"]; 
    } 
    elseif (getenv("HTTP_X_FORWARDED_FOR")) 
    { 
     $ip = getenv("HTTP_X_FORWARDED_FOR"); 
    } 
    elseif (getenv("HTTP_CLIENT_IP"))
    { 
     $ip = getenv("HTTP_CLIENT_IP"); 
    } 
    elseif (getenv("REMOTE_ADDR"))
    { 
     $ip = getenv("REMOTE_ADDR"); 
    } 
    else 
    { 
     $ip = "Unknown"; 
    } 
    if(isset($_GET['url']))
    {
    		$currentUrl=$_GET['url'];
    		$smarty->assign("currentUrl", $currentUrl);
    }
    $notice="";
    if(isset($_POST['userloginaction']) && $_POST['userloginaction']=="login")
    {
    	/*
				$code = $_POST['code'];
		        
				if(trim($code) != $_SESSION['verifiedcode'])
				{
					$smarty->assign("notice","验证码错误");
		            $smarty->display("user/login.html");
		            exit;
				}
        */
        $userid = $_POST['Name'];
        $psw = $_POST['password'];
        if($userid=="" || $psw=="")
        {
        		$notice="输入的用户名或者密码不能为空.";
        }
        $array = array("uid"=>$userid,"passwd"=>md5($psw));
        $check=$userlogin->checkUser($userid, $psw);
        $uid="";
        if($check)
        {
        	$uid=$userid;
        }
        $userinfo = $userlogin->get_user(array("id"=>$userid));
        if($check && $userinfo[0]['level']>0)
        {
        	$_SESSION["admin"]=true;
        }
        if($check)
        {
        		$_SESSION['user'] = $uid;
            $url="index.php";
            if(isset($_GET['url']))
            {
            		$url = urldecode($_GET['url']);
            }
            $url = constant('PROJECT_URL')."/".$url;
            echo "<script language='javascript'>";
            echo " location='".$url."';";
            echo "</script>";
            
            exit;
        }
        else
        {
            $_SESSION['user']="";
            $notice="用户名或者密码错误.";
            $notice .= "登录失败";
            $smarty->assign("notice",$notice);
            $smarty->display("user/login.html");
            exit;
        }
    }
    if(!isset($_SESSION['user']) || $_SESSION['user']=="")
    {
        $smarty->display("user/login.html");
        exit;
    }
    else
    {
        $uid = $_SESSION['user'];
        $tag = $ip.$uid;
        if($_SESSION[$tag]==false)
        {
            $smarty->display("user/login.html");
            exit;
        }
        else
        {
            $servname = $_SERVER['ServerName'];
            $smarty->assign("notice","登录成功，点击<a href=\"$servname\">主页</a>");
            $smarty->display("user/login.html");
        }
    }
?>
